19a0086902
Currently, .init.text & .init.data are intermixed which makes it impossible apply different permissions to them. .init.data shouldn't need exec permissions while .init.text shouldn't have write permission. Moreover, the strict permission are only enforced /init starts. This leaves the kernel vulnerable from possible buggy built-in modules. Keep .init.text & .data in separate sections so that different permissions are applied to each section. Apply permissions to individual sections as early as possible. This improves the kernel protection under CONFIG_STRICT_KERNEL_RWX. We also need to restore the permissions for the entire _init section after it is freed so that those pages can be used for other purpose. Signed-off-by: Atish Patra <atish.patra@wdc.com> Tested-by: Greentime Hu <greentime.hu@sifive.com> Signed-off-by: Palmer Dabbelt <palmerdabbelt@google.com>
15 lines
392 B
C
15 lines
392 B
C
/* SPDX-License-Identifier: GPL-2.0-only */
|
|
/*
|
|
* Copyright (C) 2020 Western Digital Corporation or its affiliates.
|
|
*/
|
|
#ifndef __ASM_SECTIONS_H
|
|
#define __ASM_SECTIONS_H
|
|
|
|
#include <asm-generic/sections.h>
|
|
|
|
extern char _start[];
|
|
extern char _start_kernel[];
|
|
extern char __init_data_begin[], __init_data_end[];
|
|
extern char __init_text_begin[], __init_text_end[];
|
|
|
|
#endif /* __ASM_SECTIONS_H */
|